public static ClaimsIdentity InitAuth(CookieResponseSignInContext ctx)
{
var ident = ctx.Identity;
var hctx =
(HttpContextWrapper)
ctx.Request.Environment.Single(e => e.Key == "System.Web.HttpContextBase").Value;
var wutContext = DependencyResolver.Current.GetService <WutNuContext>();
return(InitAuth(ident, hctx, wutContext));
}
private ChatUser GetLoggedInUser(CookieResponseSignInContext context)
{
var principal = context.Request.User as ClaimsPrincipal;
if (principal != null)
{
return(_repository.GetLoggedInUser(principal));
}
return(null);
}
public static ClaimsIdentity InitAuth(CookieResponseSignInContext ctx)
{
var ident = ctx.Identity;
var hctx =
(HttpContextWrapper)
ctx.Request.Environment.Single(e => e.Key == "System.Web.HttpContextBase").Value;
var initResults = InitAuth(ident, hctx);
return(initResults);
}
public void ResponseSignIn(CookieResponseSignInContext context)
{
if (context.Identity.HasClaim(c => c.Type == SPAddinClaimTypes.SPAddinAuthentication) &&
!context.Identity.HasClaim(c => c.Type == SPAddinClaimTypes.ShortHandUrl))
{
var hostUrl = context.Identity.FindFirst(SPAddinClaimTypes.SPHostUrl).Value;
var navigationManager = new NavigationManager(context.OwinContext);
var host = navigationManager.EnsureHostByUrl(hostUrl);
context.Identity.AddClaim(new Claim(SPAddinClaimTypes.ShortHandUrl, host.ShortHandUrl));
}
}
public override void ResponseSignIn(CookieResponseSignInContext context)
{
if (context.Identity is UmbracoBackOfficeIdentity backOfficeIdentity)
{
//generate a session id and assign it
//create a session token - if we are configured and not in an upgrade state then use the db, otherwise just generate one
var session = _runtimeState.Level == RuntimeLevel.Run
? _userService.CreateLoginSession(backOfficeIdentity.Id, context.OwinContext.GetCurrentRequestIpAddress())
: Guid.NewGuid();
backOfficeIdentity.SessionId = session.ToString();
}
base.ResponseSignIn(context);
}
public override void ResponseSignIn(CookieResponseSignInContext context)
{
if (context.Identity is UmbracoBackOfficeIdentity backOfficeIdentity)
{
//generate a session id and assign it
//create a session token - if we are configured and not in an upgrade state then use the db, otherwise just generate one
var session = _runtimeState.Level == RuntimeLevel.Run
? _userService.CreateLoginSession(backOfficeIdentity.Id, context.OwinContext.GetCurrentRequestIpAddress())
: Guid.NewGuid();
backOfficeIdentity.SessionId = session.ToString();
//since it is a cookie-based authentication add that claim
backOfficeIdentity.AddClaim(new Claim(ClaimTypes.CookiePath, "/", ClaimValueTypes.String, UmbracoBackOfficeIdentity.Issuer, UmbracoBackOfficeIdentity.Issuer, backOfficeIdentity));
}
base.ResponseSignIn(context);
}
private static void AddClaim(CookieResponseSignInContext context, ChatUser user)
{
// Do nothing if the user is banned
if (user.IsBanned)
{
return;
}
// Add the jabbr id claim
context.Identity.AddClaim(new Claim(JabbRClaimTypes.Identifier, user.Id));
// Add the admin claim if the user is an Administrator
if (user.IsAdmin)
{
context.Identity.AddClaim(new Claim(JabbRClaimTypes.Admin, "true"));
}
EnsurePersistentCookie(context);
}
public override void ResponseSignIn(CookieResponseSignInContext context)
{
var principle = new ClaimsPrincipal(context.Identity);
var pictureClaim = principle.FindFirst("profilePicture");
var idClaim = principle.FindFirst(ClaimTypes.NameIdentifier);
var nameClaim = principle.FindFirst(ClaimTypes.Name);
var emailClaim = principle.FindFirst(ClaimTypes.Email);
var id = idClaim == null ? Guid.NewGuid().ToString() : idClaim.Value;
var name = nameClaim == null ? "unknown" : System.Net.WebUtility.HtmlEncode(nameClaim.Value);
var photo = pictureClaim != null ? pictureClaim.Value : GetPhotoUrl(emailClaim == null ? "" : emailClaim.Value);
var rc = new RegisteredClient()
{
Identity = id,
DisplayName = name,
Photo = photo
};
SetState(rc, context.Response);
}
public override void ResponseSignIn(CookieResponseSignInContext context)
{
var backOfficeIdentity = context.Identity as UmbracoBackOfficeIdentity;
if (backOfficeIdentity != null)
{
//generate a session id and assign it
//create a session token - if we are configured and not in an upgrade state then use the db, otherwise just generate one
//NOTE - special check because when we are upgrading to 7.8 we cannot create a session since the db isn't ready and we'll get exceptions
var canAcquireSession = _appCtx.IsUpgrading == false || _appCtx.CurrentVersion() >= MinUmbracoVersionSupportingLoginSessions;
var session = canAcquireSession
? _appCtx.Services.UserService.CreateLoginSession((int)backOfficeIdentity.Id, context.OwinContext.GetCurrentRequestIpAddress())
: Guid.NewGuid();
backOfficeIdentity.UserData.SessionId = session.ToString();
}
base.ResponseSignIn(context);
}
public override void ResponseSignIn(CookieResponseSignInContext context)
{
var principle = new ClaimsPrincipal(context.Identity);
var pictureClaim = principle.FindFirst("profilePicture");
var idClaim = principle.FindFirst(ClaimTypes.NameIdentifier);
var nameClaim = principle.FindFirst(ClaimTypes.Name);
var emailClaim = principle.FindFirst(ClaimTypes.Email);
var id = idClaim == null?Guid.NewGuid().ToString() : idClaim.Value;
var name = nameClaim == null ? "unknown" : System.Net.WebUtility.HtmlEncode(nameClaim.Value);
var photo = pictureClaim != null ? pictureClaim.Value : GetPhotoUrl(emailClaim == null ? "" : emailClaim.Value);
var rc = new RegisteredClient()
{
Identity = id,
DisplayName = name,
Photo = photo
};
SetState(rc, context.Response);
}
/// <summary>
/// Applies grants to the response
/// </summary>
/// <returns></returns>
protected override async Task ApplyResponseGrantAsync()
{
AuthenticationResponseGrant signin = Helper.LookupSignIn(Options.AuthenticationType);
bool shouldSignin = signin != null;
AuthenticationResponseRevoke signout = Helper.LookupSignOut(Options.AuthenticationType, Options.AuthenticationMode);
bool shouldSignout = signout != null;
if (!(shouldSignin || shouldSignout || _shouldRenew))
{
return;
}
AuthenticationTicket model = await AuthenticateAsync();
try
{
var cookieOptions = new CookieOptions
{
Domain = Options.CookieDomain,
HttpOnly = Options.CookieHttpOnly,
Path = Options.CookiePath ?? "/",
};
if (Options.CookieSecure == CookieSecureOption.SameAsRequest)
{
cookieOptions.Secure = Request.IsSecure;
}
else
{
cookieOptions.Secure = Options.CookieSecure == CookieSecureOption.Always;
}
if (shouldSignin)
{
var signInContext = new CookieResponseSignInContext(
Context,
Options,
Options.AuthenticationType,
signin.Identity,
signin.Properties,
cookieOptions);
DateTimeOffset issuedUtc;
if (signInContext.Properties.IssuedUtc.HasValue)
{
issuedUtc = signInContext.Properties.IssuedUtc.Value;
}
else
{
issuedUtc = Options.SystemClock.UtcNow;
signInContext.Properties.IssuedUtc = issuedUtc;
}
if (!signInContext.Properties.ExpiresUtc.HasValue)
{
signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
}
Options.Provider.ResponseSignIn(signInContext);
if (signInContext.Properties.IsPersistent)
{
DateTimeOffset expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
}
model = new AuthenticationTicket(signInContext.Identity, signInContext.Properties);
if (Options.SessionStore != null)
{
if (_sessionKey != null)
{
await Options.SessionStore.RemoveAsync(_sessionKey);
}
_sessionKey = await Options.SessionStore.StoreAsync(model);
ClaimsIdentity identity = new ClaimsIdentity(
new[] { new Claim(SessionIdClaim, _sessionKey) },
Options.AuthenticationType);
model = new AuthenticationTicket(identity, null);
}
string cookieValue = Options.TicketDataFormat.Protect(model);
Options.CookieManager.AppendResponseCookie(
Context,
Options.CookieName,
cookieValue,
signInContext.CookieOptions);
var signedInContext = new CookieResponseSignedInContext(
Context,
Options,
Options.AuthenticationType,
signInContext.Identity,
signInContext.Properties);
Options.Provider.ResponseSignedIn(signedInContext);
}
else if (shouldSignout)
{
if (Options.SessionStore != null && _sessionKey != null)
{
await Options.SessionStore.RemoveAsync(_sessionKey);
}
var context = new CookieResponseSignOutContext(
Context,
Options,
cookieOptions);
Options.Provider.ResponseSignOut(context);
Options.CookieManager.DeleteCookie(
Context,
Options.CookieName,
context.CookieOptions);
}
else if (_shouldRenew && model.Identity != null)
{
model.Properties.IssuedUtc = _renewIssuedUtc;
model.Properties.ExpiresUtc = _renewExpiresUtc;
if (Options.SessionStore != null && _sessionKey != null)
{
await Options.SessionStore.RenewAsync(_sessionKey, model);
ClaimsIdentity identity = new ClaimsIdentity(
new[] { new Claim(SessionIdClaim, _sessionKey) },
Options.AuthenticationType);
model = new AuthenticationTicket(identity, null);
}
string cookieValue = Options.TicketDataFormat.Protect(model);
if (model.Properties.IsPersistent)
{
cookieOptions.Expires = _renewExpiresUtc.ToUniversalTime().DateTime;
}
Options.CookieManager.AppendResponseCookie(
Context,
Options.CookieName,
cookieValue,
cookieOptions);
}
Response.Headers.Set(
HeaderNameCacheControl,
HeaderValueNoCache);
Response.Headers.Set(
HeaderNamePragma,
HeaderValueNoCache);
Response.Headers.Set(
HeaderNameExpires,
HeaderValueMinusOne);
bool shouldLoginRedirect = shouldSignin && Options.LoginPath.HasValue && Request.Path == Options.LoginPath;
bool shouldLogoutRedirect = shouldSignout && Options.LogoutPath.HasValue && Request.Path == Options.LogoutPath;
if ((shouldLoginRedirect || shouldLogoutRedirect) && Response.StatusCode == 200)
{
IReadableStringCollection query = Request.Query;
string redirectUri = query.Get(Options.ReturnUrlParameter);
if (!string.IsNullOrWhiteSpace(redirectUri) &&
IsHostRelative(redirectUri))
{
var redirectContext = new CookieApplyRedirectContext(Context, Options, redirectUri);
Options.Provider.ApplyRedirect(redirectContext);
}
}
}
catch (Exception exception)
{
CookieExceptionContext exceptionContext = new CookieExceptionContext(Context, Options,
CookieExceptionContext.ExceptionLocation.ApplyResponseGrant, exception, model);
Options.Provider.Exception(exceptionContext);
if (exceptionContext.Rethrow)
{
throw;
}
}
}
private void ResponseSignIn(CookieResponseSignInContext context)
{
context.Options.CookieDomain = context.Request.Uri.Host;
}
protected override async Task HandleSignInAsync(SignInContext signin)
{
var ticket = await EnsureCookieTicket();
try
{
var tenantResolver = tenantResolverFactory.GetResolver();
var cookieOptions = BuildCookieOptions();
//var signInContext = new CookieResponseSignInContext(
// Context,
// Options,
// Options.AuthenticationScheme,
// signin.Principal,
// new AuthenticationProperties(signin.Properties),
// cookieOptions);
var signInContext = new CookieResponseSignInContext(
Context,
Options,
tenantResolver.ResolveAuthScheme(Options.AuthenticationScheme),
signin.Principal,
new AuthenticationProperties(signin.Properties),
cookieOptions);
DateTimeOffset issuedUtc;
if (signInContext.Properties.IssuedUtc.HasValue)
{
issuedUtc = signInContext.Properties.IssuedUtc.Value;
}
else
{
issuedUtc = Options.SystemClock.UtcNow;
signInContext.Properties.IssuedUtc = issuedUtc;
}
if (!signInContext.Properties.ExpiresUtc.HasValue)
{
signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
}
Options.Notifications.ResponseSignIn(signInContext);
if (signInContext.Properties.IsPersistent)
{
var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
}
ticket = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.AuthenticationScheme);
if (Options.SessionStore != null)
{
if (_sessionKey != null)
{
await Options.SessionStore.RemoveAsync(_sessionKey);
}
_sessionKey = await Options.SessionStore.StoreAsync(ticket);
var principal = new ClaimsPrincipal(
new ClaimsIdentity(
new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
Options.ClaimsIssuer));
//ticket = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
ticket = new AuthenticationTicket(principal, null, tenantResolver.ResolveAuthScheme(Options.AuthenticationScheme));
}
//var cookieValue = Options.TicketDataFormat.Protect(ticket);
var ticketDataFormet = GetTicketDataFormat(tenantResolver);
var cookieValue = ticketDataFormet.Protect(ticket);
//Options.CookieManager.AppendResponseCookie(
// Context,
// Options.CookieName,
// cookieValue,
// signInContext.CookieOptions);
Options.CookieManager.AppendResponseCookie(
Context,
tenantResolver.ResolveCookieName(Options.CookieName),
cookieValue,
signInContext.CookieOptions);
//var signedInContext = new CookieResponseSignedInContext(
// Context,
// Options,
// Options.AuthenticationScheme,
// signInContext.Principal,
// signInContext.Properties);
var signedInContext = new CookieResponseSignedInContext(
Context,
Options,
tenantResolver.ResolveAuthScheme(Options.AuthenticationScheme),
signInContext.Principal,
signInContext.Properties);
Options.Notifications.ResponseSignedIn(signedInContext);
var shouldLoginRedirect = Options.LoginPath.HasValue && OriginalPath == Options.LoginPath;
ApplyHeaders(shouldLoginRedirect);
}
catch (Exception exception)
{
var exceptionContext = new CookieExceptionContext(Context, Options,
CookieExceptionContext.ExceptionLocation.SignIn, exception, ticket);
Options.Notifications.Exception(exceptionContext);
if (exceptionContext.Rethrow)
{
throw;
}
}
}
public void ResponseSignIn(CookieResponseSignInContext context)
{
_cookieAuthenticationProvider.ResponseSignIn(context);
}
/// <summary>
/// Implements the interface method by invoking the related delegate method
/// </summary>
/// <param name="context"></param>
public virtual void ResponseSignIn(CookieResponseSignInContext context)
{
OnResponseSignIn.Invoke(context);
}
public void ResponseSignIn(CookieResponseSignInContext context)
{
}
public void ResponseSignIn(CookieResponseSignInContext context)
{
var authResult = new AuthenticationResult
{
Success = true
};
EmailUser loggedInUser = GetLoggedInUser(context);
var principal = new ClaimsPrincipal(context.Identity);
// Do nothing if it's authenticated
if (principal.IsAuthenticated())
{
EnsurePersistentCookie(context);
return;
}
var user = GetUser(principal);
authResult.ProviderName = principal.GetIdentityProvider();
// The user exists so add the claim
if (user != null)
{
if (loggedInUser != null && user != loggedInUser)
{
// Set an error message
authResult.Message = String.Format("This {0} account has already been linked to another user.", authResult.ProviderName);
authResult.Success = false;
// Keep the old user logged in
context.Identity.AddClaim(new Claim(EmailRClaimTypes.Identifier, loggedInUser.Id.ToString()));
}
else
{
// Login this user
AddClaim(context, user);
}
}
else if (principal.HasRequiredClaims())
{
EmailUser targetUser = null;
// The user doesn't exist but the claims to create the user do exist
if (loggedInUser == null)
{
// New user so add them
user = _membershipService.AddUser(principal);
targetUser = user;
}
else
{
// If the user is logged in then link
_membershipService.LinkIdentity(loggedInUser, principal);
_session.SaveChanges();
authResult.Message = String.Format("Successfully linked {0} account.", authResult.ProviderName);
targetUser = loggedInUser;
}
AddClaim(context, targetUser);
}
else if(!principal.HasPartialIdentity())
{
// A partial identity means the user needs to add more claims to login
context.Identity.AddClaim(new Claim(EmailRClaimTypes.PartialIdentity, "true"));
}
var cookieOptions = new CookieOptions
{
HttpOnly = true
};
context.Response.Cookies.Append(Constants.AuthResultCookie,
JsonConvert.SerializeObject(authResult),
cookieOptions);
}
public void ResponseSignIn(CookieResponseSignInContext context)
{
context.OwinContext.TraceOutput.WriteLine($"ResponseSignIn {context.AuthenticationType} {context.Identity.Name}");
}
protected virtual void DoResponseSignIn(CookieResponseSignInContext context)
{
//AuthenticationResponseGrant signin = Helper.LookupSignIn(Options.AuthenticationType);
var s = context.Response.StatusCode;
}
private static void EnsurePersistentCookie(CookieResponseSignInContext context)
{
if (context.Properties == null)
{
context.Properties = new AuthenticationProperties();
}
context.Properties.IsPersistent = true;
}
public void ResponseSignIn(CookieResponseSignInContext context)
{
//throw new NotImplementedException();
}
private static void AddClaim(CookieResponseSignInContext context, ChatUser user)
{
// Do nothing if the user is banned
if (user.IsBanned)
{
return;
}
// Add the jabbr id claim
context.Identity.AddClaim(new Claim(JabbRClaimTypes.Identifier, user.Id));
// Add the admin claim if the user is an Administrator
if (user.IsAdmin)
{
context.Identity.AddClaim(new Claim(JabbRClaimTypes.Admin, "true"));
}
EnsurePersistentCookie(context);
}
private ChatUser GetLoggedInUser(CookieResponseSignInContext context)
{
var principal = context.Request.User as ClaimsPrincipal;
if (principal != null)
{
return _repository.GetLoggedInUser(principal);
}
return null;
}
private EmailUser GetLoggedInUser(CookieResponseSignInContext context)
{
var principal = context.Request.User as ClaimsPrincipal;
if (principal != null)
{
var userId = principal.GetUserId();
return _session.Query<EmailUser>().SingleOrDefault(u => u.Id != null && u.Id == principal.GetUserId());
}
return null;
}
public override void ResponseSignIn(CookieResponseSignInContext context)
{
context.Options.CookiePath = TenantCookiePath();
base.ResponseSignIn(context);
}
public void ResponseSignIn(CookieResponseSignInContext context)
{
var authResult = new AuthenticationResult
{
Success = true
};
ChatUser loggedInUser = GetLoggedInUser(context);
var principal = new ClaimsPrincipal(context.Identity);
// Do nothing if it's authenticated
if (principal.IsAuthenticated())
{
EnsurePersistentCookie(context);
return;
}
ChatUser user = _repository.GetUser(principal);
authResult.ProviderName = principal.GetIdentityProvider();
// The user exists so add the claim
if (user != null)
{
if (loggedInUser != null && user != loggedInUser)
{
// Set an error message
authResult.Message = String.Format(LanguageResources.Account_AccountAlreadyLinked, authResult.ProviderName);
authResult.Success = false;
// Keep the old user logged in
context.Identity.AddClaim(new Claim(JabbRClaimTypes.Identifier, loggedInUser.Id));
}
else
{
// Login this user
AddClaim(context, user);
}
}
else if (principal.HasRequiredClaims())
{
ChatUser targetUser = null;
// The user doesn't exist but the claims to create the user do exist
if (loggedInUser == null)
{
// New user so add them
user = _membershipService.AddUser(principal);
targetUser = user;
}
else
{
// If the user is logged in then link
_membershipService.LinkIdentity(loggedInUser, principal);
_repository.CommitChanges();
authResult.Message = String.Format(LanguageResources.Account_AccountLinkedSuccess, authResult.ProviderName);
targetUser = loggedInUser;
}
AddClaim(context, targetUser);
}
else if (!principal.HasPartialIdentity())
{
// A partial identity means the user needs to add more claims to login
context.Identity.AddClaim(new Claim(JabbRClaimTypes.PartialIdentity, "true"));
}
var cookieOptions = new CookieOptions
{
HttpOnly = true
};
context.Response.Cookies.Append(Constants.AuthResultCookie,
JsonConvert.SerializeObject(authResult),
cookieOptions);
}
public override void ResponseSignIn(CookieResponseSignInContext context)
{
base.ResponseSignIn(context);
}
private static void AddClaim(CookieResponseSignInContext context, EmailUser user)
{
// Add the jabbr id claim
context.Identity.AddClaim(new Claim(EmailRClaimTypes.Identifier, user.Id.ToString()));
// Add the admin claim if the user is an Administrator
if (user.IsAdmin)
{
context.Identity.AddClaim(new Claim(EmailRClaimTypes.Admin, "true"));
}
EnsurePersistentCookie(context);
}
